[OZAPRS] aprs.net.au Hosting

Matthew Cook vk5zm at bistre.net
Wed Aug 24 10:51:14 AEST 2016


If you are considering a WordPress site or host then make sure you install
the Wordfence plugin, especially if you're not going to be monitoring it
often. I've recently upgraded all of the WP sites I host on my VPS to this
basic config. I also include Jetpack so that I don't have to go too far to
monitor activity and hits. One of the greatest exploits for WP sites is
the plugins themselves; you'd be surprised how much protection these
actually require on their own. Thankfully the WF plugin will take care of
most of the well known ones with its own firewall and tell you the ones
which it can't deal with and are there for your own problem.

In terms of static vs dynamic content simply stop all comments on the site,
turn on a "proxy cache" (external plugin or enable falcon in Wordfence) and
set a long expiry date on the cache say 1-2 months.  That will effectively
lock the content of the site, when new content is available it's cached the
first time called.  If you update or want to push changes, simply force the
cache to be deleted.  When requests are made to the site instead of running
through apache/php you get served static content.  It also means that
exploits in WP plugins are effectively delayed by the period of the cache,
meaning free or low cost solutions can be considered in terms of WF, IDS
and other malware software.

Finding a "good webhost" that does malware scanning is good provided they
also keep it up to date. There is another zero-day exploit of the WP code
in the wild right now that I caught, detected, locked out and fixed earlier
this week. A very sneaky bit of code. The IDS on the webserver triggered
a warning and raised the flag; the other systems lagged behind by 24-48
hours. YMMV.

73

Matthew
VK5ZM


On 24 August 2016 at 07:14, Marcus B <mrmabs at gmail.com> wrote:

> Here's a question, does it actually need an interactive website, would
> static content do the same job? Saves a lot of security hassle. Especially
> since updates are few and far between.
>
> On my own website (vk3tst.com) I use a simple one html page wiki that I
> have upload automatically (to Dropbox) when I change it.
>
> 73, Marcus, vk3tst/vk5wtf
>
> On Wed, 24 Aug 2016, 06:13 Damien Gardner <vk2tdg at gmail.com> wrote:
>
>> That's why a good webhost pays the $60/year for softaculous on their
>> server ;)   It automatically upgrades all wordpress (and joomla, and
>> drupal, and magento, etc etc etc) installs on the server every week, so
>> they can never fall behind.. :)
>>
>> Most good hosts also run CXS for real-time malware detection, which among
>> its weekly scans, also notifies the server admin of any wordpress etc
>> installs which are behind current versions - so you can notify customers
>> that they have x days to upgrade or their site will be disabled.
>>
>> On 23 August 2016 at 17:50, Brendan Pratt - vk4blp <
>> vk4blp at southsidears.org.au> wrote:
>>
>>> Ian wrote on 23/08/2016 5:09 PM:
>>>
>>>> Just make sure you keep your Wordpress installation up to date with
>>>> security patches - there are a number of exploits around for the
>>>> out-of-date versions... (Some of the older ones have as much security as a
>>>> colander...)
>>>>
>>>
>>> A HUGE +1 to that.... keep getting people with many updates shy of what
>>> they really need to have on their WP sites.
>>>
>>>
>>>> -Ian ZL1VFO
>>>>
>>>> ~ Snip ~
>>>>
>>>> Subject: Re: [OZAPRS] aprs.net.au Hosting
>>>>> Message-ID: <243B8F73-D02A-4982-BBC6-E25207095B04 at tech-software.net>
>>>>> Content-Type: text/plain; charset="utf-8"
>>>>> Wordpress rocks
>>>>>
>>>> _______________________________________________
>>> OZAPRS mailing list
>>> OZAPRS at aprs.net.au
>>> http://lists.aprs.net.au/mailman/listinfo/ozaprs